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REMARKS 

Applicant has carefully reviewed and considered the Office Action mailed on September 
IL 2003 , and the references cited therewith. 

Claims 1 and 9 are amended, and claims 15-20 are added; as a result, claims 1-20 are 
now pending in this application. 

SI 03 Rejection of the Claims 

Claims 1-14 were rejected under 35 USC § 103(a) as being unpatentable over 
Mashayekhi et al. (U.S. 5,81 8,936) in view of Viavant et al.(U.S. 5,784,566). It is fundamental 
that in order to sustain an obviousness rejection each and every element or step of the rejected 
claims must be taught or suggested in the cited references. 

Here, neither reference in isolation nor in combination teach or suggest providing an 
"authentication secret" to a client node as is recited in Applicant's amended and newly added 
independent claims 1, 9, and 15. Moreover, neither reference in isolation nor in combination 
teach or suggest a "session key" or a dual key that also includes a "common key" in the manners 
recited and positively claimed in Applicant's amended independent claims 1 and 9 and 
Applicant's newly added independent claim 15. 

More specifically, Mashayekhi is directed towards an automated authentication service 
that automates an authentication exchange between a user and an application over a network. 
Mashayekhi attempts to limit exchanges of keys and information over a network and specifically 
states that its teachings are designed to reduce this need which will thereby improve bandwidth 
and not compromise security by exposing these keys urmecessarily over the network lines. E.g., 
Mashayekhi, col. 5, lines 22-33). 

As a result, Mashayekhi does not send application secrets to a user's machine {e.g., 
client). The secrets are maintained by an API that does not reside on and is not directly 
accessible to the user. E.g., Mashayekhi, Fig. 2, node 210; and col. 5, lines 34-40. The 
authentication configuration of Mashayekhi provides a separate node and API that is accessible 
to a user's machine defined in Fig. 1 as 102a-102n. The server node (Fig. 1 104a-104n) is 
configured and expanded as shown in Fig. 2. Moreover, the entire specification and teaching of 
Mashayekhi comports with this arrangement. Thus, the secrets in Mashayekhi are not provided 
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to the user's machine. The user authenticates during an initial login and the secrets reside and 
are maintained on the server nodes which are not part of the user's machine. Conversely, 
Applicant's amended and newly added independent claims recite an authentication secret that is 
specifically provided to the client. The client uses this secret to directly (and not indirectly as 
required by the Mashayekhi teachings) authenticate to the desired network resource. 

Additionally, Viavant cannot be used to modify the teachings of Mashayekhi in order to 
provide this teaching, because to do so would defeat the purpose and teachings of Mashayekhi. 
That is, the whole point of the Mashayekhi teaching is to avoid sending secrets over the network, 
which may be compromised and which consume excessive bandwidth during network 
transactions. 

Therefore, the rejections should be withdrawn, because Mashayekhi fails to teach sending 
secrets to a client as is recited in Applicant's independent claims, and because Viavant cannot be 
used to modify Mashayekhi in order to achieve the same because to do so defeats and runs 
contrary to the teachings of Mashayekhi. Thus, Applicant respectfully requests that the 
rejections be withdrawn along with an indication that the claims are in condition for allowance. 

Furthermore, Applicant's independent claims concisely recite a session key that is novel 
over the references cited by the Examiner. Applicant's session key is needed to first decrypt the 
common key, the common key is needed to decrypt the authentication secret. Thus, Applicant's 
independent claims require a unique arrangement and use of dual keys before any authentication 
secret can be acquired. It is not common and it is not taught or suggested in Mashayekhi or 
Viavant a key arrangement and key usage as is positively recited in Applicant's independent 
claims. There is no teaching of double encryption that uses double keys as is recited in 
Applicant's independent claims. 

Thus, Applicant also respectfully submits that Applicant's independent claims teach and 
positively recite a specific type of session key that is not taught or suggested in the references 
cited. This teaching of the Applicant's independent claims can not be found in any single 
reference standing alone or in any proposed combination of the references. Thus, Applicant's 
submit the rejections should be withdrawn and the claims allowed. 
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Conclusion 

Applicant respectfully submits that the claims are in condition for allowance and 
notification to that efifect is earnestly requested. The Examiner is invited to telephone 
Applicant*s attorney ((513) 942-0224) to facilitate prosecution of this application. 

If necessary, please charge any additional fees or credit overpayment to Deposit Account 
No. 19-0743 



Respectfully submitted. 



CAMERON MASHAYEKHI 
By Ms Representatives, 

SCHWEGMAN, LUNDBERG. WOESSNER & EXUTH, PA. 
P.O. Box 2938 
Miimeapolis, MN 55402 
(513)942;j0224 
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